Invalid packet messages in dmesg on Slackware64 14
Hey guys,
for a while now I've noticed these messages in my dmesg output:
Code:
[ 2780.795888] Invalid packet: IN=wlan0 OUT= MAC=ec:55:f9:af:27:be:00:0c:42:71:9d:bc:08:00 SRC=74.125.234.177 DST=192.168.88.199 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=65392 PROTO=TCP SPT=443 DPT=44817 WINDOW=0 RES=0x00 RST URGP=0
Thanks
|
Code:
173.194.34.79 is GOOGLE
Code:
grep -iw wlan0 /var/log/*
|
with
Code:
grep -iw wlan0 /var/log/*
Code:
/var/log/syslog.1:Oct 27 21:17:26 DeathStar kernel: [ 2255.613646] INPUT packet died: IN=wlan0 OUT= MAC= SRC=192.168.88.199 DST=239.192.152.143 LEN=147 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=36708 DPT=6771 LEN=127
the output is attached (the complete output was 6 MB so I edited to leave only newer messages).
|
You can look at your firewall settings; somewhere there will be -j LOG --log-prefix="INPUT packet died: ". These messages are generated by that firewall rule.
|
Yeah logging firewall rules is something for the masochists among us ;)
|
You can use an online whois to look up destination IP addresses, as Habitual probably did for you.
You can google port numbers (or look at /etc/services) to get an idea what service is using that port. 6771 is often used by a p2p service called transmission, perhaps someone on your LAN is using this? If you have run a p2p app recently, and you have quit the application, peers will still try to connect for a while and your firewall will reject them. One of those 3 lines has a TTL of one, and all have a local IP of 192.168.88.199 - this sounds like local broadcast traffic.
One of my favourites is (as root)
Quote:
Quote:
You should be able to match this info with your log output to help you see what is going on on your network.
tobyl
|
Thanks guys for all the replies. As soon as I get home I'll try them out. =D
|
Thanks bormant and all the others for the help, it was this
Code:
-j LOG --log-prefix="INPUT packet died: "
|